JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.233.20.212

104.233.20.212 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 1%: ?

ISP	FASTPLANET LTD
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	fastplanet.com
Country	🇨🇦 Canada
City	Montreal, Quebec

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.233.20.212

Whois 104.233.20.212

IP Abuse Reports for 104.233.20.212:

This IP address has been reported a total of 22 times from 5 distinct sources. 104.233.20.212 was first reported on October 30th 2023, and the most recent report was 4 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 4 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-01 02:40:48 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 104.233.20.212 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.233.20.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 22:40:44.790489 2026] [security2:error] [pid 12707:tid 12728] [client 104.233.20.212:48427] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.kettlehill.net"] [uri "/a.htaccess"] [unique_id "ahzxLPr1zQOtbkd9viUzigAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-17 09:30:15 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.233.20.212 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.233.20.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 04:29:57.127573 2026] [security2:error] [pid 2380:tid 2380] [client 104.233.20.212:37767] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/.env.nbcnewsradio"] [unique_id "aWtWlcWN1Eeyjc4m61-J7AAAACU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 21:33:16 (5 months ago)	(mod_security) mod_security (id:211190) triggered by 104.233.20.212 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:211190) triggered by 104.233.20.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 16:33:11.348312 2025] [security2:error] [pid 21673:tid 21684] [client 104.233.20.212:42495] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|mail.kettlehill.net\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /cgi-bin/mj_wwwusr?passw&list=GLOBAL&user&func=help&extra=/../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.kettlehill.net"] [uri "/cgi-bin/mj_wwwusr"] [unique_id "aVLzl9oKFoxlNLdnJRxeUQAAAEg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-12 11:40:04 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 104.233.20.212 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.233.20.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 12 06:39:56.377093 2025] [security2:error] [pid 12622:tid 12622] [client 104.233.20.212:39583] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.nbcnewsradio.com"] [uri "/sample.htaccess"] [unique_id "aRRyDFwCmoPdT4UjT1wEUAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-26 04:08:12 (9 months ago)	(mod_security) mod_security (id:210730) triggered by 104.233.20.212 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 104.233.20.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 26 00:08:06.824794 2025] [security2:error] [pid 26153:tid 26153] [client 104.233.20.212:36049] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.deandobkin.com\|F\|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.deandobkin.com"] [uri "/ssl/localhost.key"] [unique_id "aNYRpq2at6S6I2ykqB-u5QAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-27 04:33:52 (11 months ago)	(mod_security) mod_security (id:240950) triggered by 104.233.20.212 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240950) triggered by 104.233.20.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 27 00:33:45.787304 2025] [security2:error] [pid 872113:tid 872134] [client 104.233.20.212:43439] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)\|\|cpanel.kettlehill.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cpanel.kettlehill.net"] [uri "/_users/org.couchdb.user:poc"] [unique_id "aIWsKUY_i7hthZO8VUmUJgAAAYs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-07-27 01:24:37 (11 months ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
🇺🇸 TPI-Abuse	2025-05-29 22:45:35 (1 year ago)	(mod_security) mod_security (id:226830) triggered by 104.233.20.212 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:226830) triggered by 104.233.20.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 18:45:32.758714 2025] [security2:error] [pid 3685131:tid 3685131] [client 104.233.20.212:39533] ModSecurity: Access denied with code 403 (phase 1). Operator GE matched 1 at ARGS_GET. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6392"] [id "226830"] [rev "2"] [msg "COMODO WAF: Open redirect vulnerability in the Redirect function in the StageShow plugin before 5.0.9 for WordPress (CVE-2015-5461)\|\|whm.farmers123.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "whm.farmers123.com"] [uri "/wp-content/plugins/stageshow/stageshow_redirect.php"] [unique_id "aDjjjFuqpbKMsqOWbQqt8wAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-04-19 03:08:59 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 104.233.20.212 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 104.233.20.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 18 23:08:51.908852 2025] [security2:error] [pid 7553:tid 7574] [client 104.233.20.212:52545] [client 104.233.20.212] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|blog.spinningdesigns.com\|F\|2"] [data ".cs"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "blog.spinningdesigns.com"] [uri "/nonauth/expiration.cs"] [unique_id "aAMTw3_M9TFpSRNsjaQWUwAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-01-25 09:00:18 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
Anonymous	2024-11-21 00:03:09 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-11-13 23:53:37 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-11-02 05:19:49 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-10-25 23:24:53 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-10-18 22:47:59 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇪🇹 196.189.245.127

🇧🇷 187.110.238.50

🇩🇪 44.130.9.183

🇰🇷 43.133.233.246

🇹🇼 34.81.72.185

🇺🇸 2620:171:e2:f005:9999::246

🇺🇸 135.119.89.57

🇫🇷 85.217.140.37

🇺🇸 68.207.224.247

🇺🇸 44.38.35.171

🇪🇬 41.234.212.198

🇮🇳 34.93.128.179

🇩🇪 8.211.46.188

🇩🇪 167.94.146.35

🇨🇳 106.75.224.165

🇨🇳 106.12.127.43

🇺🇸 98.89.204.118

🇫🇷 85.217.140.50

🇧🇬 78.128.112.30

🇺🇸 74.82.47.14